***Please do not respond to this e-mail as the mailbox is not monitored.________________________________Confidentiality Notice: In accordance with Covance's Data Classification Policy, this email, including attachment(s), is classified as Confidential or Highly Confidential. This e-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the e-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or dissemination of the content of this e-mail is strictly prohibited.

If you have received this e-mail transmission in error or this email is not intended for you, please delete or destroy all copies of this message in your possession and inform the sender. Thank you.

Attached is a file with a name matching the reference in the email, e.g. 0006432242.tgz which is a compressed archive file, containing in turn another archive file with a name like 5611205-19.04.2016.tar and it that archive is a malicious script named in an almost identical format the the TAR file (e.g. 5611205-19.04.2016.js). This script has a typical detection rate of 8/56.

17 comments:

I would recommend everyone to use a vpn service especially to bloggers who need to access the to access their highly fragile information sometimes and access of developer control.A good example would be purevpn apps on iOS and Android both that let you surf anything you want securely and anonymously.

I've stupidly opened this file, was waiting for a shipment that I had just made payment for so assumed this was the confirmation. Is there anything I can do to counteract the file? Should I do a full system format to be safe? thank you in advance

@wowbag - the lowest risk approach is to nuke the system and rebuild, but it may be that your system isn't even infected if you are not in target country (presumably UK). Anti-virus software may take a few days to catch up, but even then it can be a tricky bugger to get rid of.

thank you - I use mac - before I wipe it clean, is this malware for mac? The js files within the uncompressed file were opened up with safari - not a microsoft office file.Sorry, I'm a complete novice and I am usually very suspicious of all files contained in emails, however this one caught me off guard as it came perfect timing to confirming shipment. Thanks

Thanks Conrad, that's a relief. Unfortunately no link to wowbagger - - Someone once described a handbag on eBay as a 'wowbag' - it had a funny ring to it, so wound up using it - had no idea Wowbagger even existed until now. Cheers!